Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/tm8Rt7Sc2c1PcYKasPfyO3eBX9M.roa
File: tm8Rt7Sc2c1PcYKasPfyO3eBX9M.roa (raw, json)
Hash identifier: fWTds4doBQAqbglPwbw6IGwEFIO7de7/7OMc6gbtl08=
Subject key identifier: B6:6F:11:B7:B4:9C:D9:CD:4F:71:82:9A:B0:F7:F2:3B:77:81:5F:D3
Certificate issuer: /CN=610f8f99fca69aa73f88a531db46d228a7e2c3d3
Certificate serial: 019423D75344A801AD01E61C14316D4479D0
Authority key identifier: 61:0F:8F:99:FC:A6:9A:A7:3F:88:A5:31:DB:46:D2:28:A7:E2:C3:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YQ-Pmfymmqc_iKUx20bSKKfiw9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/tm8Rt7Sc2c1PcYKasPfyO3eBX9M.roa
Signing time: Wed 01 Jan 2025 21:48:21 +0000
ROA not before: Wed 01 Jan 2025 21:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60517
IP address blocks: 178.157.96.0/22 maxlen: 24
178.157.96.0/24 maxlen: 24
178.157.97.0/24 maxlen: 24
178.157.98.0/24 maxlen: 24
178.157.99.0/24 maxlen: 24
185.27.120.0/22 maxlen: 24
185.27.120.0/24 maxlen: 24
185.27.121.0/24 maxlen: 24
185.27.122.0/24 maxlen: 24
185.27.123.0/24 maxlen: 24
185.36.92.0/22 maxlen: 24
185.36.92.0/24 maxlen: 24
185.36.93.0/24 maxlen: 24
185.36.94.0/24 maxlen: 24
185.36.95.0/24 maxlen: 24
185.51.128.0/22 maxlen: 24
185.51.128.0/24 maxlen: 24
185.51.129.0/24 maxlen: 24
185.51.130.0/24 maxlen: 24
185.51.131.0/24 maxlen: 24
185.91.172.0/22 maxlen: 24
185.91.172.0/24 maxlen: 24
185.91.173.0/24 maxlen: 24
185.91.174.0/24 maxlen: 24
185.91.175.0/24 maxlen: 24
185.118.244.0/22 maxlen: 24
185.118.244.0/24 maxlen: 24
185.118.245.0/24 maxlen: 24
185.118.246.0/24 maxlen: 24
185.118.247.0/24 maxlen: 24
185.131.180.0/22 maxlen: 24
185.131.180.0/24 maxlen: 24
185.131.181.0/24 maxlen: 24
185.131.182.0/24 maxlen: 24
185.131.183.0/24 maxlen: 24
185.175.212.0/22 maxlen: 24
2a06:96c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/YQ-Pmfymmqc_iKUx20bSKKfiw9M.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/YQ-Pmfymmqc_iKUx20bSKKfiw9M.mft
rsync://rpki.ripe.net/repository/DEFAULT/YQ-Pmfymmqc_iKUx20bSKKfiw9M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:53:44:a8:01:ad:01:e6:1c:14:31:6d:44:79:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=610f8f99fca69aa73f88a531db46d228a7e2c3d3
Validity
Not Before: Jan 1 21:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b66f11b7b49cd9cd4f71829ab0f7f23b77815fd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:eb:71:f4:40:8a:1a:4f:02:9e:2a:2a:63:55:
7f:c4:86:ef:87:2a:3b:12:53:30:a9:8b:bb:8e:73:
a3:ec:5a:d5:09:9d:8e:17:3c:40:b3:98:2c:82:2d:
ef:39:dd:d7:f5:c5:56:b2:b2:4f:fc:01:30:bb:9d:
83:26:f0:f3:33:ba:ae:c6:6f:65:ef:34:aa:94:f1:
5c:1d:03:15:8a:58:7b:8b:e3:4c:0c:e4:e1:fa:e6:
f6:76:38:1c:2a:0b:be:37:ff:1c:a9:cc:21:7b:46:
0b:19:4b:b3:00:7c:53:bf:9f:d0:88:15:7a:6d:a4:
b3:ab:a2:a1:e4:6f:7d:28:29:7f:52:9a:d0:11:dd:
04:f1:e1:71:fe:37:9f:90:cb:6e:5e:5c:22:6e:3b:
96:41:2e:81:9b:e9:13:43:48:cf:0d:d1:00:75:6c:
57:6a:c1:ca:2a:1f:41:fe:f1:e3:75:f9:05:d1:c2:
ae:e9:6a:8a:9f:19:62:7e:f5:bf:83:ef:d2:68:6d:
74:bf:20:cb:fe:33:45:7f:30:c2:d5:3a:4c:c0:6b:
9f:8f:88:5d:5d:f1:e9:ab:99:89:cd:62:73:c6:6d:
60:8a:ce:39:b7:21:7b:ec:05:24:06:fa:b5:61:6b:
23:72:13:de:ac:21:ce:d3:d9:41:de:bc:20:30:e5:
b3:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:6F:11:B7:B4:9C:D9:CD:4F:71:82:9A:B0:F7:F2:3B:77:81:5F:D3
X509v3 Authority Key Identifier:
keyid:61:0F:8F:99:FC:A6:9A:A7:3F:88:A5:31:DB:46:D2:28:A7:E2:C3:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YQ-Pmfymmqc_iKUx20bSKKfiw9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/tm8Rt7Sc2c1PcYKasPfyO3eBX9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d94681-abe6-4e23-9b98-79a0a528e0a4/1/YQ-Pmfymmqc_iKUx20bSKKfiw9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.157.96.0/22
185.27.120.0/22
185.36.92.0/22
185.51.128.0/22
185.91.172.0/22
185.118.244.0/22
185.131.180.0/22
185.175.212.0/22
IPv6:
2a06:96c0::/29
Signature Algorithm: sha256WithRSAEncryption
ab:e2:b9:13:49:f3:c9:11:1e:55:43:fc:b0:70:7e:9c:7d:35:
f7:57:68:a9:cb:20:95:ea:b7:08:58:09:2e:08:b5:7e:ab:41:
51:82:fc:b2:e6:6b:14:27:6e:09:03:eb:25:a2:61:98:43:b8:
cc:9c:31:67:34:36:ef:8e:b4:5e:47:40:91:f5:03:4f:75:3a:
02:c7:67:07:2d:71:b4:24:53:a5:40:e1:ba:e6:42:d6:4d:e5:
ef:51:96:4b:08:7a:47:12:ad:82:85:cd:be:37:22:d4:6d:33:
2f:1a:e3:80:89:66:e5:41:e7:07:b0:8b:8d:85:28:96:d9:b2:
2f:4d:48:fb:38:da:f7:ec:e9:24:34:2d:bf:f7:ff:1d:0c:2d:
40:cf:91:c3:da:b3:d2:8c:d8:b2:57:d5:bb:6a:62:ad:95:fd:
cf:0f:12:d9:4c:5f:bf:e7:91:e4:91:59:fe:e3:f8:d2:f1:2c:
1d:31:10:98:a7:a2:84:78:33:48:b5:c0:91:bb:3e:c6:fd:af:
0f:07:d9:68:4e:ed:1a:b8:f9:9a:79:c6:4f:be:54:0c:a2:ee:
08:f2:04:27:2e:74:23:c0:00:1d:4d:88:26:51:d7:c2:bf:b0:
23:ea:41:42:30:7b:68:bb:5c:fa:9c:72:39:1c:61:c3:5b:8a:
ad:ea:2a:39
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQj11NEqAGtAeYcFDFtRHnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMGY4Zjk5ZmNhNjlhYTczZjg4YTUzMWRiNDZkMjI4YTdl
MmMzZDMwHhcNMjUwMTAxMjE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZmMTFiN2I0OWNkOWNkNGY3MTgyOWFiMGY3ZjIzYjc3ODE1ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Otx9ECKGk8CnioqY1V/xIbvhyo7
ElMwqYu7jnOj7FrVCZ2OFzxAs5gsgi3vOd3X9cVWsrJP/AEwu52DJvDzM7quxm9l
7zSqlPFcHQMVilh7i+NMDOTh+ub2djgcKgu+N/8cqcwhe0YLGUuzAHxTv5/QiBV6
baSzq6Kh5G99KCl/UprQEd0E8eFx/jefkMtuXlwibjuWQS6Bm+kTQ0jPDdEAdWxX
asHKKh9B/vHjdfkF0cKu6WqKnxlifvW/g+/SaG10vyDL/jNFfzDC1TpMwGufj4hd
XfHpq5mJzWJzxm1gis45tyF77AUkBvq1YWsjchPerCHO09lB3rwgMOWz4wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFLZvEbe0nNnNT3GCmrD38jt3gV/TMB8GA1UdIwQY
MBaAFGEPj5n8ppqnP4ilMdtG0iin4sPTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVEtUG1meW1tcWNfaUtVeDIwYlNLS2ZpdzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kOTQ2ODEtYWJlNi00ZTIzLTliOTgt
NzlhMGE1MjhlMGE0LzEvdG04UnQ3U2MyYzFQY1lLYXNQZnlPM2VCWDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kOTQ2ODEtYWJlNi00ZTIzLTliOTgtNzlhMGE1MjhlMGE0
LzEvWVEtUG1meW1tcWNfaUtVeDIwYlNLS2ZpdzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCsp1gAwQC
uRt4AwQCuSRcAwQCuTOAAwQCuVusAwQCuXb0AwQCuYO0AwQCua/UMA0EAgACMAcD
BQMqBpbAMA0GCSqGSIb3DQEBCwUAA4IBAQCr4rkTSfPJER5VQ/ywcH6cfTX3V2ip
yyCV6rcIWAkuCLV+q0FRgvyy5msUJ24JA+slomGYQ7jMnDFnNDbvjrReR0CR9QNP
dToCx2cHLXG0JFOlQOG65kLWTeXvUZZLCHpHEq2Chc2+NyLUbTMvGuOAiWblQecH
sIuNhSiW2bIvTUj7ONr37OkkNC2/9/8dDC1Az5HD2rPSjNiyV9W7amKtlf3PDxLZ
TF+/55HkkVn+4/jS8SwdMRCYp6KEeDNItcCRuz7G/a8PB9loTu0auPmaecZPvlQM
ou4I8gQnLnQjwAAdTYgmUdfCv7Aj6kFCMHtou1z6nHI5HGHDW4qt6io5
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:01 2025 by rpki-client